The world is rapidly running out of unallocated IPv4 addresses. To meet the growing demand for Internet service from new subscribers, devices, and service types, Internet Service Providers (ISPs) will be forced to share a single public IPv4 address among multiple subscribers using a technology such as, but not limited to, a Carrier Grade Network Address Translator (CGN).
However, address sharing poses additional challenges to ISPs in responding to law enforcement requests or attack/abuse reports where identification of a server associated with a particular network address is desired. In order to respond to such requests, an ISP will need to map a subscriber's inside IP address and port address to the outside IP address and outside port address provided by the CGN for every connection initiated by a user.
The CGN may be configured to permanently or non-transitorily store connection logs sufficient to identify attackers and respond to abuse/law enforcement requests, but these logs impose significant operational challenges on ISPs. In lab testing, the inventors of the present invention have observed CGN log messages to be approximately 150 bytes long for NAT444, and 175 bytes for DS-Lite (individual log messages vary somewhat in size). Reports from several ISPs put the average number of connections per household at approximately 33,000 per day. When each connection is individually logged by the CGN, a data volume of approximately 5 MB per subscriber per day, or about 150 MB per subscriber per month, is required to maintain the log. Based on available data, a 1-million subscriber service provider will generate approximately 150 terabytes of log data per month, or 1.8 petabytes per year.
Accordingly, the inventors of the present invention believe a need exists to ameliorate the amount of data a CGN, or other device in communication therewith, would need to store in order to identify attackers and/or respond to abuse/law enforcement requests.
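The per-connection mapping and the resulting log volume described above can be made concrete with a short sketch. This is an added example, not code from the original text: the record layout, the function names, the 2-second clock-skew tolerance, and the sample addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Mapping:
    """One per-connection CGN log record (field names are assumed)."""
    start: datetime
    end: datetime
    inside_ip: str
    inside_port: int
    outside_ip: str
    outside_port: int

def ts(hms):
    """Build a UTC timestamp on a constructed sample day."""
    return datetime.fromisoformat(f"2024-01-01T{hms}+00:00")

# Constructed sample log: three subscribers share outside address 198.51.100.7,
# and outside port 40001 is reused by a different subscriber later in the day.
LOG = [
    Mapping(ts("10:00:00"), ts("10:00:30"), "100.64.0.10", 51000, "198.51.100.7", 40001),
    Mapping(ts("10:00:05"), ts("10:02:00"), "100.64.0.11", 51000, "198.51.100.7", 40002),
    Mapping(ts("10:00:10"), ts("10:00:40"), "100.64.0.12", 33445, "198.51.100.7", 40003),
    Mapping(ts("14:30:00"), ts("14:31:00"), "100.64.0.11", 52222, "198.51.100.7", 40001),
]

def attribute(log, outside_ip, seen_at, outside_port=None, skew=timedelta(seconds=2)):
    """Return the inside addresses that could have originated a reported connection.

    outside_port=None models an abuse report that recorded only the source address.
    skew tolerates clock drift between the reporting party and the CGN.
    """
    return sorted({
        m.inside_ip for m in log
        if m.outside_ip == outside_ip
        and (outside_port is None or m.outside_port == outside_port)
        and m.start - skew <= seen_at <= m.end + skew
    })

def monthly_log_bytes(subscribers, conns_per_day=33_000, entry_bytes=150, days=30):
    """Log volume when every connection is logged, using the NAT444 figures above."""
    return subscribers * conns_per_day * entry_bytes * days

if __name__ == "__main__":
    print(attribute(LOG, "198.51.100.7", ts("10:00:20"), 40001))  # address + port + time
    print(attribute(LOG, "198.51.100.7", ts("10:00:20")))         # address + time only
    print(monthly_log_bytes(1_000_000) / 1e12, "TB per month")
```

A report carrying only the outside address and a time leaves every subscriber sharing that address as a candidate, and a reused outside port resolves to different subscribers at different times, which is why the log must hold the port and the timestamp for every connection.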